Authentication and Key Management of MP with multiple radios
Date: 2008-07-09
Authors: Charles Fan, Amy Zhang, Huawei
Abstract
This presentation states CID #504 from LB126, the secure association setup problem that arises when a multi-radio MP joins the mesh network, and the suggested solution, including a summary of the text changes to the draft.
CID #504: The PMK-MKD derived after higher-layer authentication should be related only to the authentication credential and other device information, not tightly bound to the MAC address of a single radio. Binding it to a radio MAC address induces multiple-authentication problems when the mesh node has two or more radios.
Agenda
• Problem Statement
• Resolution
Current secure association setup mechanism (Supplicant and Mesh Authenticator)
Step 1: Authentication method, role and key management type negotiation (Probe/Beacon, Peer Link Management)
• The pair of nodes does not know whether the links between them are redundant.
Step 2: Authentication through the MKD and key hierarchy setup (initial authentication if needed)
• After the MP authenticates with the AS through the MKD, the PMK-MKD and MKDK are derived using the current hierarchy.
Step 3: PTK/GTK distribution
• 4-way handshake to build session keys, followed by secure communication.
Current 802.11s Key Hierarchy
Key distribution branch:
• MSK/PSK: held by MKD and Supplicant
• PMK-MKD = L(MeshTopLevelKeyData, 0, 256): held by Supplicant and MKD
• MKDK = L(MeshTopLevelKeyData, 384, 256): held by Supplicant and MKD
• PMK-MA = KDF-256(PMK-MKD, "MA Key Derivation", PMK-MKDName || MA-ID || SPA): held by MKD, Supplicant and MA
• MPTK-KD = KDF-256(MKDK, "Mesh PTK-KD Key", MA-Nonce || MKD-Nonce || MA-ID || MKD-ID): held and derived by Supplicant and MKD, used to deliver the PMK-MA
Link security branch:
• PTK = KDF(PMK-MA, "Mesh PTK key derivation", MPTKSNonce || MPTKANonce || MA-ID || SPA || PMK-MAName): held and derived by Supplicant and MA
Observations:
• The PMK-MKD and MKDK are bound to the SPA.
• MeshTopLevelKeyData = KDF-768(XXKey, "Mesh Key Derivation", MeshID, MKD-NAS-ID, MKDD-ID, SPA)
• A multi-radio Supplicant MP has multiple SPAs; hence there will be multiple PMK-MKDs and MKDKs.
• Multiple initial authentication procedures would have to be launched.
Disadvantages of multiple authentications
• It cannot be detected whether the same authentication credential is being used simultaneously by different MPs or by different radios of the same MP.
• The authentication credential may be used by multiple MPs simultaneously.
• Over-the-air overhead increases because initial authentication is launched multiple times.
The root of the above problem
• Link association and key management are tightly bound to the MAC address, which identifies the wireless radio module.
• One node may have two or more wireless radio modules.
• A single MAC address therefore cannot uniquely identify the node.
Agenda
• Problem Statement
• Resolution
Solution Requirements
• The security architecture should support devices with multiple radios.
• Initial authentication should be launched only once when an MP joins the mesh network, no matter how many radios it has.
• An authentication credential is issued to one MP device.
• One PMK-MKD and one MKDK per MP, shared by all of its radios.
• Different radios in the same MP should use different PTKs.
• Keys for all radios of the device are distributed through a single initial authentication procedure.
• There should be one MPTK-KD between an MA and the MKD.
• Communication between the MKD and an MP is not tied to a peer link identified by MAC addresses.
• Less modification is better.
Possible solution
• Classify two identifiers:
  • MP-ID: six bytes that uniquely identify the MP node. It may use one of the MAC addresses of the MP if there is more than one PHY.
  • MPA: the MAC address of the communicating radio module of the MP.
• An MP takes three roles in authentication and the key hierarchy, and a different ID name identifies each role; each of these names actually denotes the MP-ID.
• Amend the current security solution defined in D2.0:
  • Bind PMK-MKD, MKDK and PMK-MA to SP-ID instead of SPA.
  • MeshTopLevelKeyData = KDF-768(XXKey, "Mesh Key Derivation", MeshID, MKD-NAS-ID, MKDD-ID, SP-ID)
  • Only one MPTK-KD between an MA and the MKD: the key protects the communication between the two node entities, not a single link.
  • PTKs should be bound to the peer link MAC addresses. Only the name 'MA-ID' needs to change to 'MAA' (Mesh Authenticator Address), because MAA has the same definition as 'MA-ID' in 802.11s D2.0.
Peer Link Management negotiation, clarified (MP1 and MP2)
• Obtain the peer's MP-ID and radio MAC address (MPA).
• Selector MP: the MP is the Selector MP if its MP-ID is numerically larger than that of the candidate peer MP.
• PMK-MA negotiation: is there an available PMK-MA for this pair of MP-IDs?
• The link instance is bound to the MPAs: <local MPA, peer MPA, local ID, peer ID>
Example exchange from the slide:
MP1: "I'm MP-ID#1, MPA#1. Who are you? I have PMK-MA#1 ..."
MP2: "I'm MP-ID#2, MPA#2. Who are you? I have PMK-MA#1, PMK-MA#2 ..."
(PMK-MA negotiation by MP-ID, then role negotiation)
MP1: "I'm supplicant, use PMK-MA#1."
MP2: "OK, I'm authenticator, I could use PMK-MA#1 ..."
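The following Python sketch is an added illustration of the negotiation above; it is not code from the presentation or from the 802.11s draft. It models the slide's link instance tuple, the Selector MP rule and a PMK-MA lookup keyed by the MP-ID pair rather than by radio address, so that a two-radio MP opening two links to the same peer finds the same PMK-MA while the two link instances remain distinct. The MAC addresses, PMK-MA names and the rule that both sides pick the smallest shared name are constructed assumptions for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LinkInstance:
    """Link instance as on the slide: <local MPA, peer MPA, local ID, peer ID>."""
    local_mpa: bytes
    peer_mpa: bytes
    local_id: bytes
    peer_id: bytes


def is_selector_mp(local_mp_id: bytes, peer_mp_id: bytes) -> bool:
    """The MP is the Selector MP if its MP-ID is numerically larger than the candidate peer's."""
    return int.from_bytes(local_mp_id, "big") > int.from_bytes(peer_mp_id, "big")


def open_peer_link(local_mp_id, local_mpa, local_pmk_cache, peer_mp_id, peer_mpa, peer_pmk_names):
    """Process a Peer Link Open received on local_mpa from peer_mpa.

    The peer announces its MP-ID and the names of the PMK-MAs it holds.
    local_pmk_cache maps peer MP-ID -> set of PMK-MA names held for that peer, so the
    lookup depends on the MP-ID pair and every radio of the same peer MP sees the same
    candidates; the link instance itself is keyed by the MPAs, so links over different
    radios stay distinct.
    Returns (link instance, selector flag, chosen PMK-MA name or None). None means no
    shared PMK-MA exists and initial authentication has to be triggered.
    Choosing the smallest shared name is an assumption of this example so that both
    sides arrive at the same choice deterministically.
    """
    link = LinkInstance(local_mpa, peer_mpa, local_mp_id, peer_mp_id)
    candidates = local_pmk_cache.get(peer_mp_id, set()) & set(peer_pmk_names)
    chosen = min(candidates) if candidates else None
    return link, is_selector_mp(local_mp_id, peer_mp_id), chosen


def demo():
    """Constructed scenario: MP1 has two radios, MP2 has one; MP2's MP-ID is larger."""
    mp1_id = bytes.fromhex("020000000001")              # MP-ID = MAC of MP1's first radio
    mp1_radio_a, mp1_radio_b = mp1_id, bytes.fromhex("020000000002")
    mp2_id = mp2_radio = bytes.fromhex("020000000010")
    unknown_id = bytes.fromhex("020000000099")           # an MP for which no PMK-MA is cached

    mp1_cache = {mp2_id: {"PMK-MA#1"}}                    # constructed PMK-MA caches
    mp2_cache = {mp1_id: {"PMK-MA#1", "PMK-MA#2"}}

    # MP1 opens two links to MP2, one per radio; MP2 opens the reverse link to radio A.
    link_a, sel_a, pmk_a = open_peer_link(mp1_id, mp1_radio_a, mp1_cache, mp2_id, mp2_radio, mp2_cache[mp1_id])
    link_b, sel_b, pmk_b = open_peer_link(mp1_id, mp1_radio_b, mp1_cache, mp2_id, mp2_radio, mp2_cache[mp1_id])
    _, sel_2, pmk_2 = open_peer_link(mp2_id, mp2_radio, mp2_cache, mp1_id, mp1_radio_a, mp1_cache[mp2_id])
    _, _, pmk_unknown = open_peer_link(mp1_id, mp1_radio_a, mp1_cache, unknown_id, unknown_id, set())

    return {
        "links_over_different_radios_are_distinct": link_a != link_b,
        "same_pmk_ma_for_both_radios": pmk_a == pmk_b == "PMK-MA#1",
        "both_sides_choose_same_pmk_ma": pmk_2 == pmk_a,
        "mp2_is_selector": sel_2 and not sel_a and not sel_b,
        "unknown_peer_triggers_initial_authentication": pmk_unknown is None,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Because the PMK-MA cache is indexed by MP-ID, MP1's second radio does not need a second initial authentication to reach MP2; only the per-link PTK, keyed by the MPAs, differs between the two links.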
Initial authentication, clarified (Supplicant MP, MA, MKD, AS)
Peer Link Open (RequestAuthentication, SP-ID)
1. EAPOL-Start
2. EAPOL (EAP-Request Identity)
3. EAPOL (EAP-Response Identity)
4. Mesh EAP encapsulation (SP-ID)
5. EAP Transport (EAP-Response Identity)
6. EAP-specific (mutual) authentication
   Derive pairwise keys (PMK-MKD, MKDK, PMK-MA)
7. EAP Transport (EAP-Success, MSK)
   Derive pairwise keys (PMK-MKD, MKDK, PMK-MA)
8. Mesh EAP encapsulation (EAP-Response)
9. EAPOL (EAP-Success)
• The Supplicant MP uses PLM to carry the SP-ID to the MA in the MSAIE and to trigger the initial authentication procedure.
• The MA forwards the SP-ID to the MKD in the Mesh EAP encapsulation frame.
• The Supplicant MP and the MKD use the SP-ID to derive the PMK-MKD, MKDK and PMK-MA and to request the PMK-MA.
802.11s Key Hierarchy, clarified
Key distribution branch (bound to MPs):
• MSK/PSK: held by MKD and Supplicant
• PMK-MKD = L(MeshTopLevelKeyData, 0, 256): held by Supplicant and MKD
• MKDK = L(MeshTopLevelKeyData, 384, 256): held by Supplicant and MKD
• PMK-MA = KDF-256(PMK-MKD, "MA Key Derivation", PMK-MKDName || MA-ID || SP-ID): held by MKD, Supplicant and MA
• MPTK-KD = KDF-256(MKDK, "Mesh PTK-KD Key", MA-Nonce || MKD-Nonce || MA-ID || MKD-ID): held and derived by Supplicant and MKD, used to deliver the PMK-MA
Link security branch (bound to radios):
• PTK = KDF(PMK-MA, "Mesh PTK key derivation", MPTKSNonce || MPTKANonce || MAA || SPA || PMK-MAName): held and derived by Supplicant and MA
Definitions:
• MAA: the authenticator MP's MAC address
• SPA: the supplicant MP's MAC address
• SP-ID: the MAC address of the Supplicant MP; one of its MAC addresses if it has more than one PHY
• MA-ID: the MAC address of the MA; one of its MAC addresses if it has more than one PHY
• MKD-ID: the MAC address of the MKD; one of its MAC addresses if it has more than one PHY
• MeshTopLevelKeyData = KDF-768(XXKey, "Mesh Key Derivation", MeshID, MKD-NAS-ID, MKDD-ID, SP-ID)
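To make the difference between the two bindings concrete, here is an added Python sketch that runs the hierarchy on this slide for a two-radio Supplicant MP; it is not code from the presentation or from the 802.11s draft, and it also serves the D2.0 hierarchy on the earlier slide by deriving it once per SPA. It assumes an HMAC-SHA256 counter-mode KDF standing in for KDF-256/KDF-768 (the draft's exact bit layout is not reproduced), PMK-MKDName and PMK-MAName simplified to truncated hashes, and constructed sample values for XXKey, identifiers, addresses and nonces.

```python
import hashlib
import hmac


def kdf(key: bytes, label: str, context: bytes, length_bits: int) -> bytes:
    """Assumed construction: HMAC-SHA256 in counter mode, in the style of the
    802.11 KDF (label, context, output length in bits). Stand-in for KDF-256/KDF-768."""
    out = b""
    counter = 1
    while len(out) * 8 < length_bits:
        msg = (counter.to_bytes(2, "little") + label.encode("ascii")
               + context + length_bits.to_bytes(2, "little"))
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[: length_bits // 8]


def L(data: bytes, start_bits: int, length_bits: int) -> bytes:
    """L(X, s, n): the n bits of X starting at bit s (byte-aligned here)."""
    return data[start_bits // 8 : (start_bits + length_bits) // 8]


def top_level_keys(xxkey, mesh_id, mkd_nas_id, mkdd_id, supplicant_binding):
    """MeshTopLevelKeyData = KDF-768(XXKey, "Mesh Key Derivation", MeshID, MKD-NAS-ID, MKDD-ID, <binding>).
    The last input is the disputed one: SPA in D2.0, SP-ID in the proposal. Returns (PMK-MKD, MKDK)."""
    data = kdf(xxkey, "Mesh Key Derivation", mesh_id + mkd_nas_id + mkdd_id + supplicant_binding, 768)
    return L(data, 0, 256), L(data, 384, 256)


def key_name(tag: bytes, key: bytes) -> bytes:
    """Assumed simplification of PMK-MKDName / PMK-MAName: a truncated SHA-256."""
    return hashlib.sha256(tag + key).digest()[:16]


def derive_pmk_ma(pmk_mkd, ma_id, supplicant_binding):
    # PMK-MA = KDF-256(PMK-MKD, "MA Key Derivation", PMK-MKDName || MA-ID || <SPA or SP-ID>)
    return kdf(pmk_mkd, "MA Key Derivation", key_name(b"PMK-MKD Name", pmk_mkd) + ma_id + supplicant_binding, 256)


def derive_ptk(pmk_ma, snonce, anonce, maa, spa):
    # PTK = KDF(PMK-MA, "Mesh PTK key derivation", MPTKSNonce || MPTKANonce || MAA || SPA || PMK-MAName)
    # SPA here is the address of the radio actually carrying the link, so the PTK stays per-link.
    return kdf(pmk_ma, "Mesh PTK key derivation",
               snonce + anonce + maa + spa + key_name(b"PMK-MA Name", pmk_ma), 384)


def compare_bindings():
    """Run the hierarchy for a two-radio Supplicant MP under both bindings (constructed sample values)."""
    xxkey = bytes(range(32))                                  # constructed stand-in for XXKey
    mesh_id, mkd_nas_id = b"example-mesh", b"mkd-nas-1"
    mkdd_id = bytes.fromhex("00112233aabb")
    ma_id = maa = bytes.fromhex("00aa11bb22cc")               # authenticator MP with one radio
    radio_a, radio_b = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    sp_id = radio_a                                           # SP-ID: one of the MP's MAC addresses
    snonce, anonce = b"\x01" * 32, b"\x02" * 32               # constructed nonces

    # D2.0: PMK-MKD and MKDK bound to the SPA, so each radio ends up with its own hierarchy.
    d2_a = top_level_keys(xxkey, mesh_id, mkd_nas_id, mkdd_id, radio_a)
    d2_b = top_level_keys(xxkey, mesh_id, mkd_nas_id, mkdd_id, radio_b)

    # Proposal: bound to the SP-ID; the radio carrying the link never enters the derivation.
    prop_via_a = top_level_keys(xxkey, mesh_id, mkd_nas_id, mkdd_id, sp_id)
    prop_via_b = top_level_keys(xxkey, mesh_id, mkd_nas_id, mkdd_id, sp_id)
    pmk_ma = derive_pmk_ma(prop_via_a[0], ma_id, sp_id)
    ptk_a = derive_ptk(pmk_ma, snonce, anonce, maa, radio_a)  # link over radio A
    ptk_b = derive_ptk(pmk_ma, snonce, anonce, maa, radio_b)  # link over radio B

    return {
        "d2_pmk_mkd_differs_per_radio": d2_a[0] != d2_b[0],
        "d2_mkdk_differs_per_radio": d2_a[1] != d2_b[1],
        "proposal_pmk_mkd_independent_of_radio": prop_via_a == prop_via_b,
        "proposal_ptk_differs_per_radio": ptk_a != ptk_b,
        "key_lengths": (len(prop_via_a[0]), len(prop_via_a[1]), len(pmk_ma), len(ptk_a)),
    }


if __name__ == "__main__":
    for name, value in compare_bindings().items():
        print(f"{name}: {value}")
```

The two dictionaries of results show the requirement from the earlier slide being met: one PMK-MKD/MKDK/PMK-MA per MP regardless of how many radios it has, while the PTK still takes the communicating radio's SPA and so differs per link.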
Updated text of the Draft
• New abbreviations:
  • MP-ID: Mesh Point Identifier
  • MPA: Mesh Point Address
• Change SPA into SP-ID when deriving the MKDK, PMK-MKD and PMK-MA.
• Change MA-ID into MAA when deriving the PTK.
• Change the criterion for the Selector MP.
• Add the Local MP-ID subfield to the MSA IE so that the pair of MPs learn each other's identities.
• Change SPA into SP-ID in the EAP Authentication field to carry the SP-ID to the MKD.
• Extend the definitions of MA-ID and MKD-ID to support multi-radio MPs.
MSA IE fields: Element ID | Length | Handshake Control | Local MP-ID | MA-ID | Selected AKM Suite | Selected Pairwise Cipher Suite | Chosen PMK | Local Nonce | Peer Nonce | Optional Parameters
Updated text of the Draft (continued)
• Change SPA into SP-ID in the Mesh Key Transport Control field when requesting the PMK-MA.
Mesh Key Transport Control field: Replay Counter | SPA (changed to SP-ID) | PMK-MKDName
Summary
• Less modification, more efficiency.
• Add the term 'MP-ID' to uniquely identify the MP, especially a multi-radio MP, and hence SP-ID, MA-ID and MKD-ID when the MP acts in the different roles.
• Extend the definitions of MA-ID and MKD-ID to be a unique identifier of the MP device, which makes naming them identifiers more reasonable.
• Add the Local MP-ID (6 bytes) field to the MSA IE so that the pair of MPs learn each other's identities when building the link.
• Rename 'MA-ID' to 'MAA' in the PTK derivation formula so that the PTK is bound to the peer link.
Reference
• Draft_P802.11s_D2.00